An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
718 stars, 62 forks
Remove the need for write permissions, and/or use fine-grained permission tokens #119
Open
sammcj opened 1 year ago
At present the documentation states this needs full repo access; it would be advantageous to make this only require read permission scopes.
If this isn't possible, it should use the new GitHub fine-grained tokens, which provide improved permission scopes.
https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/